📦 PII Redactor — Utilities
v1.0.5 · information from text using a locally-hosted, zero-shot PII/PHI detection model.
Security scan
OpenClaw
Suspicious
medium confidence
The skill's declared requirements and runtime instructions largely match its stated purpose (local PII redaction), but there are several inconsistencies and operational risks (PyPI install provenance, package/version/documentation mismatches, and a potential exfiltration channel if CLAWGUARD_URL is misconfigured) that warrant manual review before installing.
Assessment recommendations
This skill is conceptually coherent for local PII redaction, but do not install it blind. Before installing: 1) Verify the PyPI package source and review the package code (or the upstream GitHub repo) to ensure it does only what is described; confirm the package owner and checksums. 2) Reconcile the version mismatch (skill v1.0.5 vs pinned package 1.0.4) and confirm the correct release. 3) Ensure CLAWGUARD_URL is set only to localhost or a tightly-controlled internal HTTPS endpoint you operate (...
Detailed analysis
✓ Purpose and capabilities
The skill name/description (local, zero-shot PII redaction) aligns with the declared binary requirement (clawguard) and the two required env vars (CLAWGUARD_URL, CLAWGUARD_TOKEN). Requesting a local service and a token is proportionate to the stated purpose. Note: the skill metadata/version (1.0.5) doesn't match the install package pin (clawguard-pii==1.0.4) which is inconsistent and should be reconciled.
ℹ Instruction scope
SKILL.md instructs the agent to send the full draft response to the local redact endpoint and to block sending responses if the URL validation fails — this is expected for redaction. However, sending entire responses to an external service is an inherent exfiltration risk if CLAWGUARD_URL is pointed at a remote/untrusted host; the skill provides validation rules but those allow any HTTPS non-localhost 'internal-hostname' (ambiguous) which could be misused. The documentation also contains a placeholder/ambiguous source URL comment ('replace with the actual repository URL'), which suggests the package/source may not have been fully vetted.
⚠ Install mechanism
The install spec uses a PyPI package (clawguard-pii==1.0.4) which will write a 'clawguard' binary — installing from PyPI is common but requires reviewing the package source. The SKILL.md references a GitHub URL placeholder and the registry lists a different skill version (1.0.5) than the pinned package (1.0.4), which is a red flag: either documentation or packaging is inconsistent. No code files were provided for static review, so the package itself is the only executable artifact to inspect before trusting it.
✓ Credential requirements
Only CLAWGUARD_URL and CLAWGUARD_TOKEN are required, which map directly to running a local redaction service. There are no unrelated secrets requested. Still, because the agent will send draft responses to the endpoint, these env vars effectively become a potential exfiltration control — ensure the URL points only to a host you control and the token is stored securely and rotated if needed.
✓ Persistence and privileges
The skill is not always-enabled and does not request elevated platform privileges or modify other skills. It allows autonomous invocation (disable-model-invocation=false) which is normal — combine that with the ability to send full responses to the configured endpoint and the exfiltration risk is increased if the endpoint is untrusted, but this is an operational risk rather than an improper privilege request.
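Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Install command
Official: npx clawhub@latest install pii-redactor
Mirror: npx clawhub@latest install pii-redactor --registry https://cn.longxiaskill.com (mirror sync in progress)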